MIT researchers suggest power grid security oversight

The U.S. government should give a single federal agency responsibility for cyber security preparedness, response and recovery across the electricity sector, researchers at the Massachusetts Institute of Technology (MIT) recommended in a new report.

While a number of entities have a stake in maintaining the cyber security of the U.S. power grid, no single organization is currently responsible for overseeing security across all aspects of grid operations, according to the report, released Monday. For example, while bulk power systems must comply with reliability standards issued by the North American Electric Reliability Corp. (NERC), there is no oversight of compliance for the distribution system, or the portion of the electric power system that carries power to consumers.

“This lack of a single operational entity with responsibility for grid cyber security preparedness, as well as response and recovery, creates a security vulnerability in a highly interconnected electric power system comprising generation, transmission and distribution,” the report states.

The researchers said they “do not feel qualified” to recommend which agency should take responsibility for overseeing cyber security, but noted that the U.S. Homeland Security and Energy departments, and the Federal Energy Regulatory Commission, which oversees the development of bulk power system security standards, are all options. A White House legislative proposal, issued in May, would make the DHS responsible for working with industry to enhance critical infrastructure security.

The MIT report's authors said it would be impossible to fully protect the grid from cyber attacks, and even compliance with cyber security standards will not necessarily make the grid completely secure.

Plus, the cost will be high. Making a business case for investing in security is difficult since the probability of a serious event is low and the implications are difficult to quantify.

Ultimately, however, as cyber threats rapidly evolve, the government and industry must find a way to improve the electric grid's resilience to attacks, while balancing cost, the researchers said.
